Deceptive Site Ahead: Google to warn about fake buttons - gHacks Tech News

Deceptive Site Ahead: Google to warn about fake buttons

Google announced yesterday an addition to the company's Safe Browsing technology (Deceptive Site Ahead) that will flag sites with deceptive buttons to users of the company's Chrome web browser and in other programs that make use of Safe Browsing.

Deceptive buttons, either in the form of advertisement displayed on a page or embedded directly on a page by the owner of the site, come in many forms.

These buttons may display actions to download, update, install or play on a site they are displayed on, and are usually accompanied by a notification-type message that makes the action seem important.

Basic examples are actions to install software to play media on a page, or download buttons that don't download the software hosted on the site but unrelated third-party offerings.

Deceptive Site Ahead

The new "deceptive site ahead" message appears in the Chrome web browser instead of web pages if Google considers the site to be "social engineering" due to the use of content that tries to deceive users who visit it.

deceptive site

The message reads:

Deceptive site ahead.

Attackers on [site url] may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).

A click on details displays an option to override the warning and continue to the site.

Google mentions two specific scenarios in which sites may be flagged as deceptive:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

While some webmasters use these types of deceptive practices on purpose, others may be affected by it indirectly though advertisement displayed on their sites.

Google has created a support page for webmasters that offers instructions on how to troubleshoot the issue and resolve it so that the "deceptive site ahead" warning notification is removed from the site.

Webmasters whose site's were flagged for containing social engineering content may start the troubleshooting by opening the security issues report on Google Webmaster Tools. There they should find listed information such as sample urls that were flagged.

The actual removal may be problematic, as webmasters need to find the source of the deceptive content and remove it. Afterwards, they need to request a review of the site which Google claims may take between two and three days to complete.

Summary
Deceptive Site Ahead: Google to warn about fake buttons
Article Name
Deceptive Site Ahead: Google to warn about fake buttons
Description
Google Safe Browsing's new Deceptive Site Ahead warning protects users of Google Chrome from visiting sites displaying social engineering content.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Adam said on February 4, 2016 at 11:44 am
    Reply

    Hate these fake download buttons. Many times I’ve downloaded malware and viruses on my computer because I thought the button was real. Even when I noticed it wasn’t the real program and I canceled the installation process it still installed loads of malware on my computer. This is why I’m doing a complete reinstall of my Windows now. Kaspersky was no help. Pointless software if it doesn’t protect my computer. :/

  2. joncr said on February 4, 2016 at 12:33 pm
    Reply

    No anti-virus or anti-malware program can protect you from errors of your own making. Google has the resources and the browser to pull this off. Kaspersky doesn’t.

    If we’re redirected to a site with two or more generic download links, we ought to have sense enough to just leave. What safe and legitimate site would post multiple, unspecific, essentially identical download links on the same page?

  3. Christoph Wagner said on February 4, 2016 at 1:43 pm
    Reply

    Wait, I’m pretty sure I’ve seen adwords ads before that had exactly that behavior.

    1. batman said on February 4, 2016 at 2:29 pm
      Reply

      I would say all of them.

  4. Bobby Phoenix said on February 4, 2016 at 3:36 pm
    Reply

    This will help a lot of people. One way I try to avoid fake buttons is to right click, and scan with Virustotal. You can install the extension for Virustotal through either the browser’s own site for extensions, or from Virustotal.com directly. It really saves time as you can see the download/link that the button is saying it is, or isn’t, and then the results from about 53 different scans.

  5. Zach said on February 4, 2016 at 3:37 pm
    Reply

    Although I don’t use Chrome or Google, I am glad that Google is taking the initiative against these deceptive ads. I hope by doing so, other browsers will follow suit. It may not eradicate shady practices like these but any action is a step in the right direction.

  6. S2015 said on February 4, 2016 at 6:09 pm
    Reply

    Glad to see Chrome is following Firefox lol – FF has similar security module as well: “Reported Attack Pages”.

    1. anon said on February 4, 2016 at 7:58 pm
      Reply

      Firefox uses Google Safe Browsing.

  7. ddk said on February 4, 2016 at 6:21 pm
    Reply

    Ublock seems to hide a lot of fake DL buttons also.

  8. peerer said on February 4, 2016 at 8:22 pm
    Reply

    so there won’t be “install chrome” buttons in google.com?
    cool

  9. mikef90000 said on February 5, 2016 at 12:38 am
    Reply

    When in doubt, close the browser itself.
    If even that window appears to be tampered, use your system monitor / task manager to kill it.

    At any rate, good to see more warnings from the browser. Due to ublock origin, I rarely see this malware.

  10. Yogesh Patel said on May 17, 2016 at 7:44 am
    Reply

    Google is catching even safe blogs as well. Two of my blogs were caught by this error and we don’t use any other Adcodes other than Google AdSense. There is no chance that we offer bad downloads on our WordPress self hosted blogs.

    1. chesscanoe said on May 17, 2016 at 1:59 pm
      Reply

      WordPress can have security problems just like anyone else. For example see
      https://wordpress.org/news/2016/05/wordpress-4-5-2/ . I don’t know if this example or other prior WordPress releases could account for your problem.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.